US President Barack Obama announced last year that America’s digital infrastructure is a “strategic national asset,” and set up a new Cyber Command headed by the director of the National Security Agency, signaling the importance of cyberpower in a nation’s internal and foreign policy. “Cyberpower and National Security” is one of the most comprehensive and scholarly books available on the topic of cyberpower.

The book is divided into six broad sections. The first three chapters form the foundation section that aims to identify and discuss major policy issues and formulate a preliminary theory of cyberpower. Chapter 1 looks at the key policy issues, categorizing them into structural and geopolitical. Chapter 2 establishes a common vocabulary for the cyber domain, with definitions for key concepts of cyberspace, cyberpower, and cyber strategy. Chapter 3 presents the initial theory of cyberpower.

Chapters 4 to 9 form the second section, “Cyberspace.” Chapter 4 looks at structural elements that constitute cyberspace, while chapter 5 identifies vulnerabilities affecting the critical national infrastructure of the US, including power grids, communication systems, and cyberspace infrastructure. In chapter 6, the authors look at trends in cyberspace: proliferation of broadband, the move to Internet protocol, version 6 (IPv6), increasing software complexity, the rise of online communities, and so on. Chapter 7 looks at the information security issues affecting the Internet, both on a small and large scale. Chapter 8 raises several policy issues that the authors think are relevant to the future of cyberspace, including security, identity, and location-aware computing, while chapter 9 explores the biotech revolution and the blurring of lines between humans and technology.

Section 3, “Military Use and Deterrence,” consists of four chapters. Chapter 10 looks at environmental power theories, compares them to cyberpower, and comes up with common features. Chapter 11 considers the question of whether networking operators do indeed improve operational effectiveness. Chapter 12 provides an overview of the cyberspace and cyberpower initiatives undertaken by the military, and chapter 13 looks at the contentious issue of the deterrence of cyber attacks.

The chapters in section 4, “Information,” look at the power of information and its role in the military and government. Chapter 14 examines the strategic influence of cyberspace information on international security. Chapter 15 explores the challenges associated with influence operations at the tactical level, while chapter 16 looks at the related issue of how information and communication technology and strategy can influence stability operations. This topic is further pursued in chapter 17, which analyzes various policy and institutional activities.

Section 5, composed of three chapters, looks at the way cyberpower can empower nations, terrorists, and criminals. Chapter 18 considers the way crime has advanced in cyberspace, especially the use of cyberspace by organized crime to further their agenda. Chapter 19 tries to scope the term “cyber terrorism,” and considers the debated question of whether it exists or is just a myth. Chapter 20 looks at the use of cyberspace by China and Russia.

In the last section, chapter 21 looks at the complex and sensitive issue of Internet governance and how the US can achieve “Internet influence” in the face of pressure from other nations. Chapter 22 discusses legal issues associated with cyber warfare, particularly two classes of problems: lawful resort to force and use of force in wartime. Chapter 23 provides a critical assessment of the US federal efforts to protect critical infrastructure. The last chapter pushes for setting up a Cyber Policy Council to provide a structured solution to some of the vexing problems in the area.

Compared to other books on the topic [1,2], this book is very detailed and theoretical in its coverage. Given its comprehensive coverage, it should be read and digested by those who have more than a passing interest in cyberpower and cyber strategies but with a liking for a more scholarly treatment of the problem space.

1)

Carr, J. Inside cyber warfare. O’Reilly, Sebastopol, CA, 2009.

2)

Clarke, R.A.; Knake, R. Cyber war: the next threat to national security and what to do about it. Ecco, New York, NY, 2010.

Recent events involving attacks on Google and other companies and the reconnaissance and espionage incidents against Tibetan and Indian officials have sparked widespread interest in the grey area of cyber warfare. Jeffrey Carr’s “Inside Cyber Warfare” comes as a welcome piece of work that thrown light on this serious area of 21st century means of warfare.

What sets Carr’s work apart is that instead of looking at the subject area from a purely technical perspective, Carr, and contributing authors, cover the issues associated with cyber war at a bigger-picture plane, considering issues like international law, involvement of organised crime, state machinery etc.

Chapter one provides an introduction to the problem of warfare in the cyberspace by referencing recent incidents involving non-state hackers from China, Russia, Israel, Iran and others. It also provides an introduction to the protection of a nation’s critical infrastructure and how it is connected to cyber warfare. Most high profile cyber attacks that have been identified so far have been attributed to individuals/groups (“non-state”) rather than specific state agencies or machineries. Chapter two looks at some of these well know hackers and follows up with discussion on whether these non-state actors are protected assets within a nation’s legal system.

Chapter three discusses the legal status of cyber warfare and the existing thoughts on how cyber warfare can be governed by the existing laws of armed conflict. While this chapter only introduces the problem of how to classify cyber war and which existing international treaties can be applied to such acts, the next chapter, written by Lt. Cdr. Matt Sklerov goes into in-depth detail of the various issues associated with this matter. Laying specific emphasis on the use of active defense to thwart cyber attacks, Sklerov analyses cyber warfare from the two principals areas of laws of war – jus ad bellum (justice to war) and jus in bello (justice in war). This is one of the strongest chapters of the book and its strength lies in the strong analysis of cyber war scenarios based on existing laws. It tackles the contentious issue of non-state actors and the need to impute state responsibility for act of non-state actors.

Chapter five discusses the investigation and analysis performed by Project Grey Goose, of which the author is a part, on two cyber attacks – the attacks against US and South Koeran government website in 2009 and that of LiveJournal and Twitter DDos attacks in August 2009. It also aims to propose a new approach to conducting cyber intelligence, taking into account unique issues associated with cyberspace and cyber warfare. Chapter six looks at the use of social web tools like Twitter, Facebook, MySpace etc. by hackers to collect personal information about potential attacks targets and how these are then used to mount targeted attacks. Chapter seven explains how the process of following the money trail created by arranging the logistics of launching an attacks can be used to track the culprits while chapter eight discusses the involvement of organised crime in the cyber warfare scene, with emphasis being on Russian organised crime.

Chapter nine takes a quick look at some basic network forensics tools available for investigators. Chapter ten looks at the malware scene and its close connection to cyber warfare and the use of social engineering and social web for targeted use of these malwares. Chapter eleven takes a brief look at the approach taken by Russia, China and USA in using cyber warfare in their military doctrine. A more thorough analysis of this subject would have added a lot of value to the book, but unfortunately that has not been attempted. Chapter twelve by Ned Moran proposes an early warning model for cyber attacks based on analysis of politically motivated cyber attacks with the aim of allowing defenders to predict than react to occurrences of these attacks. The last chapter of the book, contributed by three individuals with cyber warfare experience along with Jeffrey Carr aims to provide advice to policy makers to guide them in their effort to make proper policies towards protecting national cyberspace.

Carr’s work covers the very important field of cyber warfare which is becoming very relevant based on recent events involving intellectual property thefts, espionage etc. The work covers important ground by concentrating on issues like international law regarding cyber warfare, the legality of active defense and need for properly thought out policy framework for protecting the cyberspace. However, the book is not without issues. While it covers good ground, it falls short of a scholarly work, mainly due to the non-uniform depth of analysis of the various issues.

In short, a well written book that should be read by anyone interested in the deeper issues associated with cyber warfare, but not without some failings.